Newsgroups: php.internals
From: cmbecker69@gmx.de ("Christoph M. Becker")
To: Tony Marston, internals@lists.php.net
Date: Mon, 15 Aug 2016 15:13:43 +0200
Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

On 15.08.2016 at 13:00, Tony Marston wrote:

> "Dan Ackroyd" wrote in message
> news:CA+kxMuRiOBQpmTeKqNyV8rX0GKCLrYixi--y5TcYUkdqpT746w@mail.gmail.com...
>
>> "Input data validation should accept only valid and possible inputs.
>> If not, reject it and terminate program."
>
> I DISagree 100%. Validation errors should NEVER terminate the program,
> they should continue by displaying all the error messages to the user so
> that he/she can correct his/her mistake and try the operation again.

Yasuo (who Dan quoted here) refers to completely invalid input, such as
invalid UTF-8 byte sequences. I think that in this case the app should
bail out without even giving detailed information, as such grossly invalid
input most likely is an attempt to attack (or a severe browser bug).

--
Christoph M. Becker
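
Added example, not part of the original message or of the RFC under vote: a sketch of the two kinds of validation the thread distinguishes. Malformed UTF-8 is rejected with no detail, while field-level mistakes are collected and returned to the user. The field names, limits, status codes and sample inputs are assumptions, and the mbstring extension is assumed to be loaded.

```php
<?php
/** Thrown for input that no legitimate client should ever send. */
final class MalformedInputException extends RuntimeException {}

/** Tier 1: every key and value must be well-formed UTF-8 (arrays are walked). */
function assertWellFormed(array $input): void
{
    foreach ($input as $key => $value) {
        if (is_string($key) && !mb_check_encoding($key, 'UTF-8')) {
            throw new MalformedInputException('malformed key');
        }
        if (is_array($value)) {
            assertWellFormed($value);
        } elseif (!is_string($value) || !mb_check_encoding($value, 'UTF-8')) {
            throw new MalformedInputException('malformed value');
        }
    }
}

/** Tier 2: user-correctable mistakes; collect all of them, never abort. */
function validateSignup(array $input): array
{
    $errors = [];
    if (filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    }
    $range = ['options' => ['min_range' => 13, 'max_range' => 120]]; // assumed limits
    if (filter_var($input['age'] ?? '', FILTER_VALIDATE_INT, $range) === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    }
    return $errors;
}

/** Returns [HTTP status, errors to show the user]. */
function handle(array $input): array
{
    try {
        assertWellFormed($input);
    } catch (MalformedInputException $e) {
        error_log('rejected request: ' . $e->getMessage()); // detail stays server-side
        return [400, []];                                   // client learns nothing more
    }
    $errors = validateSignup($input);
    return $errors === [] ? [200, []] : [422, $errors];
}

// Constructed sample inputs, one per outcome.
var_dump(handle(['email' => 'alice-at-example.com', 'age' => 'abc']));    // user mistakes
var_dump(handle(['email' => "a\xC3\x28@example.com", 'age' => '30']));    // invalid UTF-8
var_dump(handle(['email' => 'alice@example.com', 'age' => '30']));        // accepted
```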